Sean Thompson

It finally pulled the images with that plugin active. I’ll see if it continues to work.

I changed || to && added my own ip and was able to access wp-json when not logged in.

This is how I’m disabling REST api on front end…

function otw_disable_rest_api() {

	$whitelist = array('127.0.0.1', '209.159.155.107', '102.221.36.98', '103.106.229.82', '103.106.229.94', '103.146.63.42', '103.152.118.219', '103.152.118.72', '103.164.203.163', '103.167.151.84', '103.72.163.222', '103.75.117.169', '104.244.77.37', '108.181.1.235', '108.61.158.223', '108.61.200.94', '109.248.43.195', '135.148.120.32', '136.243.106.228', '139.84.230.39', '141.164.38.65', '145.239.252.65', '146.88.239.197', '147.78.0.165', '147.78.3.161', '149.202.71.83', '149.28.136.245', '149.28.47.113', '149.28.85.239', '152.53.162.246', '152.53.36.14', '152.53.38.14', '154.205.144.192', '155.138.221.81', '156.67.218.140', '157.90.154.114', '158.51.123.249', '162.254.117.80', '162.254.118.29', '163.182.174.161', '163.47.21.168', '164.52.202.100', '167.71.185.204', '167.88.61.211', '170.249.218.98', '173.234.26.74', '176.9.114.118', '178.17.171.177', '178.22.124.247', '178.22.124.251', '178.255.220.12', '18.192.146.200', '185.116.60.231', '185.116.60.232', '185.126.237.51', '185.186.78.89', '185.212.169.91', '185.228.26.40', '185.231.233.130', '185.53.57.40', '185.53.57.89', '188.172.228.182', '188.172.229.113', '188.64.184.71', '190.92.176.5', '191.96.101.140', '192.248.156.201', '192.248.191.135', '192.99.38.117', '193.203.191.189', '194.36.144.221', '195.137.220.243', '195.231.17.141', '199.247.28.91', '199.59.247.242', '199.71.214.15', '201.182.97.70', '202.61.226.253', '204.10.163.237', '209.124.84.191', '209.208.26.218', '211.23.143.87', '213.159.1.75', '213.183.48.170', '213.184.85.245', '216.128.179.195', '216.238.104.48', '216.238.71.13', '23.160.56.125', '31.131.4.244', '31.22.115.186', '31.40.212.152', '37.120.163.165', '38.114.121.40', '38.54.30.228', '38.54.79.187', '38.60.253.237', '41.185.29.210', '41.223.52.170', '45.124.65.86', '45.248.77.61', '45.32.123.201', '45.32.183.112', '45.32.67.144', '45.32.77.223', '45.63.67.181', '45.76.247.71', '45.76.252.131', '45.77.148.74', '45.77.165.216', '45.77.51.171', '46.16.131.231', '46.250.220.133', '49.12.102.29', '5.134.119.103', '5.134.119.194', '51.158.202.109', '51.81.186.219', '51.81.33.156', '54.36.103.97', '61.219.247.87', '61.219.247.90', '64.176.165.8', '64.176.4.251', '64.227.16.93', '65.108.104.232', '65.109.39.175', '65.20.76.133', '65.21.81.50', '65.21.81.51', '66.42.124.101', '66.42.75.121', '67.219.99.102', '69.50.95.250', '79.172.239.249', '81.31.156.245', '81.31.156.246', '86.105.14.231', '86.105.14.232', '89.147.110.130', '89.58.38.4', '91.148.135.53', '91.201.67.121', '91.228.7.67', '92.118.205.75', '94.75.232.90', '95.179.145.87', '95.179.245.162', '95.216.116.209');
	
	if( ! is_user_logged_in() || ! in_array( $_SERVER[ 'REMOTE_ADDR' ], $whitelist ) ) {
		die('REST API is disabled.');
	}	
}
add_filter( 'rest_api_init', 'otw_disable_rest_api', 1 );

I tested this with my own IP in the whitelist and I was able to access it fine. On my own site I added the Stripe IPs for the webhook requests and it works fine.

I disabled the plugin and still couldn’t pull images.

I already test it was reading the correct IP based on another thread on here. No proxy involved.

163.182.174.161 is whitelisted

How is it returning 200 in the logs then?

Not sure what the 301 is.

Nothing should be causing 403.

Stopped working again. Seems to be just one site this time. Another one pulled images two days ago.

Here are the entries from the access log from today…

152.53.38.14 - - [31/Jul/2025:08:09:25 -0400] "POST /?rest_route=/litespeed/v3/wp_rest_echo HTTP/1.1" 200 785 "-" "QUIC cloud bot/1.0"
152.53.38.14 - - [31/Jul/2025:08:09:52 -0400] "POST /?rest_route=/litespeed/v3/wp_rest_echo HTTP/1.1" 200 1205 "-" "QUIC cloud bot/1.0"
45.76.252.131 - - [31/Jul/2025:08:09:53 -0400] "POST /?rest_route=/litespeed/v3/ip_validate HTTP/1.1" 200 1078 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"
45.76.252.131 - - [31/Jul/2025:08:09:54 -0400] "POST /?rest_route=/litespeed/v3/ip_validate HTTP/1.1" 200 1078 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"

103.167.151.84 - - [31/Jul/2025:08:11:25 -0400] "POST /?rest_route=/litespeed/v1/notify_img HTTP/1.1" 200 725 "https://oldvillagepaint.com" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"
103.167.151.84 - - [31/Jul/2025:08:11:25 -0400] "POST /?rest_route=/litespeed/v1/notify_img HTTP/1.1" 200 725 "https://oldvillagepaint.com" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"
103.167.151.84 - - [31/Jul/2025:08:11:25 -0400] "POST /?rest_route=/litespeed/v1/notify_img HTTP/1.1" 301 1294 "https://oldvillagepaint.com" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"
103.167.151.84 - - [31/Jul/2025:08:11:26 -0400] "POST /?rest_route=/litespeed/v1/notify_img HTTP/1.1" 301 1294 "https://oldvillagepaint.com" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"
209.159.155.107 - - [31/Jul/2025:08:11:21 -0400] "POST /wp-admin/admin-ajax.php?action=as_async_request_queue_runner&nonce=ccbe91c550 HTTP/1.1" 200 781 "-" "WordPress/6.2.6; https://www.classicpress.net/?wp_compatible=true&ver=2.4.1"
103.167.151.84 - - [31/Jul/2025:08:11:30 -0400] "POST /?rest_route=/litespeed/v1/notify_img HTTP/1.1" 200 725 "https://oldvillagepaint.com" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"
103.167.151.84 - - [31/Jul/2025:08:11:30 -0400] "POST /?rest_route=/litespeed/v1/notify_img HTTP/1.1" 301 1294 "https://oldvillagepaint.com" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"
103.167.151.84 - - [31/Jul/2025:08:11:32 -0400] "POST /?rest_route=/litespeed/v1/notify_img HTTP/1.1" 200 725 "https://oldvillagepaint.com" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"
103.167.151.84 - - [31/Jul/2025:08:11:32 -0400] "POST /?rest_route=/litespeed/v1/notify_img HTTP/1.1" 301 1294 "https://oldvillagepaint.com" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; qcbot/1.0; +http://quic.cloud/bot.html) Chrome/112.0.0.0 Safari/537.36"

It seems to be connecting based on that, but still doesn’t work. Had mod security disabled, and nothing else should be blocking the requests. The IPs are whitelisted in firewall and also to access REST api.

Great. Thank you.